Abstract—In this paper, we show that attackers can exfiltrate 
data from air-gapped computers via Wi-Fi signals. Malware in 
a compromised air-gapped computer can generate signals in the 
Wi-Fi frequency bands. The signals are generated through the 
memory buses - no special hardware is required. Sensitive data 
can be modulated and secretly exfiltrated on top of the signals. 
We show that nearby Wi-Fi capable devices (e.g., smartphones, 
laptops, IoT devices) can intercept these signals, decode them, 
and send them to the attacker over the Internet. To extract 
the signals, we utilize the physical layer information exposed 
by the Wi-Fi chips. We implement the transmitter and receiver 
and discuss design considerations and implementation details. We 
evaluate this covert channel in terms of bandwidth and distance 
and present a set of countermeasures. Our evaluation shows that 
data can be exfiltrated from air-gapped computers to nearby 
Wi-Fi receivers located several meters away. 


I. INTRODUCTION 


One of the initial phases in the kill chain of advanced 
persistent threats (APTs) is infiltrating the network of the 
target organization. To achieve this goal, adversaries may use 
attack vectors such as phishing emails, compromised websites, 
malicious documents, exploit kits, and other types of online 
attacks [15]. 
A. Isolated, Air-Gapped Networks 


When highly sensitive or confidential information is in- 
volved, an organization may resort to air-gapped networks. 
Such networks are disconnected from the Internet logically 
and physically, with any type of wired or wireless connection 
to the Internet strictly prohibited [8]. Certain sectors may 
maintain their data within air-gapped networks, including 
financial, defense, and critical infrastructure sectors. In many 
cases, operational technology (OT) networks are also kept 
isolated from the Internet to protect the physical processes and 
machinery used to carry them out [5]. Classified networks such 
as the Joint Worldwide Intelligence Communications System 
are also known to be air-gapped [7]. 


B. Infecting Air-Gapped Networks 


Despite the high degree of isolation, air-gapped networks 
are not immune to cyber attacks. To penetrate highly secure 
networks, motivated adversaries may employ complex attack 
vectors, such as sabotaging the supply chain, compromising a 
third-party software, using malicious insiders, and exploiting 
deceived insiders [20], [5]. These techniques allow the attackers 
to insert targeted malware into systems within the isolated 
environment. 

One of the most famous incidents in which the air-gap 
was breached involved the Stuxnet worm which targeted su- 
pervisory control and data acquisition (SCADA) systems and 
destroyed an estimated 1,000 centrifuges at an Iranian uranium 
enrichment facility [53]. In 2018, the US Department of 
Homeland Security accused Russian hackers of penetrating the 
internal network of America’s electric utilities [4]. In 2019, the 
media reported that the Kudankulam Nuclear Power Plant was 
the target of a successful cyber attack earlier that year [21]. 
In addition, sophisticated malware, such as SymonLoader 
and other advanced persistent threats capable of compromising 
air-gapped networks, were found in the wild [14], [1], [15]. 


C. Air-Gap Exfiltration 


Once the attacker has taken the initial step into the 
air-gapped network, he/she moves on to the next phases of 
the kill chain. In these subsequent phases sensitive data is 
collected, including documents, files, keylogging, credentials, 
and biometric information. In the case of Internet-connected 
networks, the data is exfiltrated through covert channels within 
Internet protocols (e.g., HTTPS, FTP, SSH, and SMTP [61]). 
However, in isolated air-gapped networks, the attacker must 
use unconventional communication techniques to leak the data 
out - methods which are referred to as air-gap covert channels 
[29]. Over the years, various types of air-gap covert channels 
have been introduced. For example, malware may exploit 
electromagnetic radiation from various computer components 
to transmit data [32], [51], [52], [60], [31]. Acoustic [19], 
[40], optical [55], [44], [45], thermal [35], magnetic [27], 
and electric air-gap covert channels have also been 
demonstrated over the past 20 years [18]. 


D. Our Contribution 


In this paper we introduce a new type of covert channel 
that exploits Wi-Fi to leak data from air-gapped networks. 
The AIR-FI attack introduced in this paper does not require 
Wi-Fi related hardware in the air-gapped computers. Instead, 
we show that an attacker can exploit the DDR SDRAM buses 
to generate electromagnetic emissions in the 2.4 GHz Wi-Fi 
bands and encode binary data on top of them. We also show 
that nearby Wi-Fi receivers, such as smartphones, laptops, and 
Internet of Things (IoT) devices, can receive and decode the 
modulated data, and then send it to the attacker via the Internet. 

The AIR-FI covert channel has the following characteristics: 


• Requires no Wi-Fi transmitter. The method doesn't 
require any type of Wi-Fi hardware in the air-gapped 
computer. Instead, it uses the computer memory hardware 
(DDR SDRAM) to generate the signals. 

• Requires no special privileges. The transmitting code 
does not require special privileges (e.g., root), kernel 
drivers, or access to hardware resources. Furthermore, it 
can be initiated from an ordinary user space process. 

• Works in virtual machines (VMs). The covert channel 
works effectively, even from within an isolated virtual 
machine. 

• Has many potential receivers. Modern IT environments 
are equipped with many types of Wi-Fi capable devices: 
smartphones, laptops, IoT devices, sensors, embedded 
systems, smart watches, and other wearable devices. 
The attacker can potentially hack such equipment to 
receive the AIR-FI transmissions from air-gapped com- 
puters. 


The rest of this paper is organized as follows: Related work 
is presented in Section II. The attack model is discussed in 
Section III. Technical background on DDR SDRAM and Wi- 
Fi is provided in Section IV. Sections V and VI, respectively, 
contain details on signal generation and modulation, and data 
transmission and reception. In Section VII we present the 
evaluation and measurement results. A set of countermeasures 
is discussed in Section VIII, and we conclude in Section IX. 


II. RELATED WORK 


Air-gap covert channels are classified into seven main cate- 
gories: electromagnetic, magnetic, electric, acoustic, thermal, 
optical and vibrational. 

Kuhn showed that it is possible to exploit the electromag- 
netic emissions from the computer display unit to conceal 
data [51]. AirHopper, presented in 2014, is exfiltration 
malware capable of leaking data from air-gapped computers 
to a nearby smartphone via FM radio waves emitted from 
the screen cable [32], [34]. In 2015, Guri et al. presented 
GSMem [31], malware that transmits data from air-gapped 
computers to nearby mobile phones using cellular frequencies. 
USBee is malware that uses the USB data buses to generate 
electromagnetic signals [33]. 

In order to prevent electromagnetic leakage, Faraday cages 
can be used to shield sensitive systems. Guri et al. presented 
ODINI and MAGNETO [27], two types of malware that 
can exfiltrate data from Faraday-caged air-gapped computers 
via magnetic fields generated by the computer's CPU. With 
MAGNETO the authors used the magnetic sensor integrated 
in smartphones to receive covert signals. 

In 2019, researchers showed how to leak data from air-gapped 
computers by modulating binary information on the power 
lines [42]. The data is modulated and conducted to the power 
lines and received by an adversary tapping the wires. 


TABLE I 
SUMMARY OF EXISTING AIR-GAP COVERT CHANNELS 

Type | Method 
Electromagnetic | AirHopper (FM radio) [32]; GSMem (cellular frequencies); USBee (USB bus emission); AIR-FI (Wi-Fi frequencies) 
Magnetic | MAGNETO (CPU-generated magnetic fields); ODINI (Faraday shield bypass) 
Electric | PowerHammer (power lines) 
Acoustic | Fansmitter (computer fan noise); DiskFiltration (hard disk noise); Ultrasound; MOSQUITO (speaker-to-speaker); CD-LEAK (sound from CD/DVD drives); POWER-SUPPLAY (play sound from power supply) 
Thermal | BitWhisper (CPU generated heat); HOTSPOT (CPU generated heat received by a smartphone) 
Optical | LED-it-GO (hard drive LED); VisiSploit (invisible pixels); Keyboard LEDs; Router LEDs; aIR-Jumper (security cameras and infrared) 
Vibrations | AiR-ViBeR (computer fan vibrations) 

Several studies have proposed the use of optical emanations 
from computers for covert communication. Loughry intro- 
duced the use of keyboard LEDs [55]. Guri used the hard 
drive indicator LED [44], USB keyboard LEDs [41], router 
and switch LEDs [43], and security cameras and their IR LEDs 
[28], in order to exfiltrate data from air-gapped computers. 
Data can also be leaked optically through fast blinking images 
or low contrast bitmaps projected on the LCD screen [30]. 

Hanspach used inaudible sound to establish a covert 
channel between air-gapped laptops equipped with speakers 
and microphones. Guri et al. introduced Fansmitter [40], Disk- 
filtration [37], and CD-LEAK, malware which facilitate 
the exfiltration of data from an air-gapped computer via 
noise intentionally generated from the PC fans, hard disk 
drives [37], and CD/DVD drives [25]. In these methods, the 
transmitting computer does not need to be equipped with audio 
hardware or an internal or external speaker. Researchers also 
showed that the computer fans generate vibrations which can 
be sensed by a nearby smartphone using the accelerometer 
sensor [24]. Other papers presented malware that covertly turns 
the speakers and earphones connected to a PC into a pair 
of eavesdropping microphones when a standard microphone 
is muted, turned off, or not present [39]. Recently, 
researchers demonstrated how malware can turn the computer 
power supply into an out-of-band speaker in order to exfiltrate 
information [26]. 

Guri et al. introduced BitWhisper and HOTSPOT [23], 
thermal-based covert channels enabling bidirectional commu- 
nication between air-gapped computers by hiding data in 
temperature changes. The heat which is generated by the 
CPU can be received by temperature sensors of computers 
or smartphones, decoded, and sent to the attacker. 

Table I summarizes the existing air-gap covert channels. 


III. ATTACK MODEL 
A. Infecting the Air-Gapped Network 


In a preliminary stage, the air-gapped network is infected 
with an APT. In a typical APT kill chain, the attackers 
research their targets and carefully plan the attacks [15]. After 
defining the initial target, attackers might install malware on 
the network via various infection vectors: supply chain attacks, 
contaminated USB drives, social engineering techniques, or 
by using malicious insiders or deceived employees. Note 
that infecting air-gapped networks can be accomplished, as 
demonstrated by the attacks involving Stuxnet [54], Agent.Btz 
[22], and other malware [13], [6], [14]. At that point, the APT 
might exploit vulnerabilities to spread in the network in order 
to strengthen its foothold. 


B. Infecting Wi-Fi Devices 


The attacker must infect Wi-Fi capable devices in the area 
of the air-gapped network. Such devices might be smartphones 
of visitors or employees, desktop and laptop computers with 
wireless networking, or IoT devices with Wi-Fi transceivers. 
Since the devices use wireless networking they can be infected 
through Wi-Fi. Compromising the devices can be done by 
exploiting vulnerabilities in the Wi-Fi hardware/software or 
via flaws in the network protocols. Such attacks were demon- 
strated on smartphones [59], laptops with Wi-Fi network 
interface cards (NICs) [16], and a wide range of IoT devices 
such as smart bulbs [57], smart locks [48], and more [58], 
[56]. 

The compromised Wi-Fi capable devices are installed with 
the receiver side of the malware. In most cases, the malicious 
code will be executed within the kernel driver or the firmware 
which drives the Wi-Fi hardware. The malware collects the Wi- 
Fi signals, detects the covert AIR-FI transmission, decodes the 
information, and sends it to the attacker over the Internet. 


C. Data Exfiltration 


As a part of the exfiltration phase, the attacker might 
collect data from the compromised computers. The data can 
be documents, key logging, credentials, encryption keys, etc. 
Once the data is collected, the malware initiates the AIR-FI 
covert channel. It encodes the data and transmits it over the 
air (in the Wi-Fi band at 2.4 GHz) using the electromagnetic 
emissions generated from the DDR SDRAM buses. The attack 
is illustrated in Figure 1. Malware in the air-gapped computer 
(A) uses the memory to generate signals in the 2.4 GHz Wi-Fi 
frequency band. Binary information is modulated on top of the 
signals and received by nearby Wi-Fi receivers (e.g., laptop 
(B) and smartphone (C)). 


IV. TECHNICAL BACKGROUND 


A. DDR SDRAM 


The double data rate (DDR) synchronous dynamic random- 
access memory (SDRAM) is the type of memory module 
integrated into modern motherboards. The DDR technology 
doubles the bus bandwidth by transferring data on both 
the rising and falling edges of the memory bus clock. In 
DDR SDRAM the bus bandwidth is referred to in megabits 
per second. The bandwidth B is calculated by the formula 
B = (f × 2 × l) / 8, where f is the memory bus clock rate and l 
is the width of the line transfer. Another important parameter 
of memory modules is the Column Address Strobe (CAS) 
latency, also known as the CL. This is the time delay between 
when the read command is delivered to the memory and the 
beginning of the data response. 


Fig. 1. Illustration of the AIR-FI attack. Malware in the air-gapped computer 
(A) uses the DDR memory to generate signals in the 2.4 GHz Wi-Fi frequency 
band. Binary information is modulated on top of the signals and received by 
nearby Wi-Fi receivers (e.g., laptop (B) and smartphone (C)). 

Fig. 2. DDR SDRAM memory buses. 


B. DDR Memory Bus 


Data is exchanged between the CPU and the memory 
over dedicated buses (Figure 2). The memory buses maintain 
two types of signals: (1) the address bus which transfers 
addresses and commands, and (2) the data bus (DQ bus) which 
transfers the actual data. The address bus sends commands and 
instructions from the controller to the SDRAM. The bus is 
synchronized to the clock (CLK) signals, with the signals on 
the address bus being sampled by the SDRAMs on the rising 
edge of the CLK signal. 

The memory buses generate electromagnetic radiation at a 
frequency correlated to their clock frequency and its harmonics. 
For example, DDR4-2400 emits electromagnetic radiation at 
around 2400 MHz. 


TABLE II 
LIST OF THE REGULATED WI-FI CHANNELS (802.11B/G/N) 

Channel | Center (MHz) | Range (MHz) | North America | Japan | Others 
1 | 2412 | 2401-2423 | Yes | Yes | Yes 
2 | 2417 | 2406-2428 | Yes | Yes | Yes 
3 | 2422 | 2411-2433 | Yes | Yes | Yes 
4 | 2427 | 2416-2438 | Yes | Yes | Yes 
5 | 2432 | 2421-2443 | Yes | Yes | Yes 
6 | 2437 | 2426-2448 | Yes | Yes | Yes 
7 | 2442 | 2431-2453 | Yes | Yes | Yes 
8 | 2447 | 2436-2458 | Yes | Yes | Yes 
9 | 2452 | 2441-2463 | Yes | Yes | Yes 
10 | 2457 | 2446-2468 | Yes | Yes | Yes 
11 | 2462 | 2451-2473 | Yes | Yes | Yes 
12 | 2467 | 2456-2478 | Canada only | Yes | Yes 
13 | 2472 | 2461-2483 | No | Yes | Yes 
14 | 2484 | 2473-2495 | No | 11b only | No 


C. Overclocking/Underclocking 


The memory modules provide the BIOS/UEFI (Unified 
Extensible Firmware Interface) with a set of frequencies at 
which they can operate. This information is defined according 
to the JEDEC (Joint Electron Device Engineering Council) 
specification, and it is passed during boot through a mechanism 
called Serial Presence Detect (SPD). Intel allows the standard 
timing parameters of the installed memory to be changed via 
a specification called Extreme Memory Profile (XMP). With 
XMP the user can modify the parameters of the memory such 
as the frequency and CAS latency. Changing the operating 
frequency of the memory modules is referred to as overclocking 
(for increasing the frequency) and underclocking/downclocking 
(for decreasing the frequency). 


D. Wi-Fi Frequency Bands 


The IEEE 802.11 standard defines the frequency ranges 
in the electromagnetic spectrum allowed for Wi-Fi commu- 
nications. There are several versions of the 802.11 standard. 
These standards define factors such as the frequency ranges, 
bandwidths, and distances. Today, most Wi-Fi chips support the 
802.11b/g/n standards. The 802.11b/g/n standards are often 
referred to as the 2.4 GHz band. A range of 2.400 - 2.490 
GHz is the most widely used and certified range available 
for Wi-Fi. The standards define a total of 14 channels in the 
2.4 GHz band, but only 11 of these channels are allowed 
in all countries. The first 11 channels have a space of 5 
MHz between them, and there is a space of 12 MHz between 
channels 13 and 14. A common bandwidth of a Wi-Fi channel 
is 20 MHz, which means that signals of adjacent channels 
may interfere with each other. Table II contains a list of 
the regulated Wi-Fi channels supported by the 802.11b/g/n 
standards. 


V. TRANSMISSION 


In this section we present the signal generation technique, 
data modulation, and data transmission protocol. 


A. Electromagnetic Emission 


There are two types of electromagnetic emissions that 
emanate from memory buses. 

• Persistent Emission. An electromagnetic emission con- 
tinuously generated by the memory controller regardless 
of the activity in the address/data buses. This radiation 
spans the entire spectrum of the DDR SDRAM frequency 
when the computer is turned on. 

• Triggered Emission. An electromagnetic emission gen- 
erated from the electronic activities (current flow) in the 
data bus. This emission is correlated to the memory 
read/write operations executed by processes currently 
running in the system. 


B. Signal Generation 


Based on the above observations, we used two techniques 
to generate Wi-Fi signals from an air-gapped computer. 

• Memory operations. We transfer data in the data bus to 
generate an electromagnetic emission at the frequency of 
the memory modules. Since the clock speed of memory 
modules is typically around the frequency of 2.4 GHz or 
its harmonics, the memory operations generate electro- 
magnetic emissions around the IEEE 802.11b/g/n Wi-Fi 
frequency bands. 

• Memory operations + clocking. When the operational 
frequency of the memory modules is not near the 
2.4 GHz frequency or its harmonics, we initially 
overclock/downclock the memory speed to the fre- 
quency of the Wi-Fi bands or its harmonics. The overclock- 
ing/downclocking operation can be done programmati- 
cally or at the BIOS/UEFI configuration level. Following 
the frequency adjustments, we perform the memory op- 
eration schemes described above to generate emissions at 
the Wi-Fi frequency band. Note that malware capable 
of reconfiguring BIOS/UEFI has been found in the 
wild [10], [9]. 


C. Channel Interference 


The emission generated from the data bus interferes with 
the Wi-Fi channels. The interference in the corresponding 
channel can be measured at the PHY layer of the 802.11 
protocol stack. The operation is illustrated in Figure 3. In this 
case the AIR-FI signals are generated at 2.44000 GHz. The 
signals interfere with channels 5-8. 


D. Modulation 


Algorithm 1 shows the signal modulation process using 
the memory operation technique with on-off keying (OOK) 
modulation. The modulateRAM function receives the array 
of bits to transmit (bits) and the bit time in milliseconds 
(bitTimeMillis). The function iterates over the bits and, 
according to the current bit, determines the 
operation to perform during a bit time period. If the bit is 
'1' (line 4), it performs a series of memory write operations 
which consists of sequential memory copying between two 
arrays, each 1 MB in size (lines 6-7). This loop 
effectively generates the emission from the data bus. If the bit 
is '0', the algorithm sleeps for a bit time period, which stops 
the emission from the RAM bus. 


Fig. 3. AIR-FI channel interference. 

Fig. 4. Signal generation with concurrent threads. 


Algorithm 1 modulateRAM(bits, bitTimeMillis) 
1: bitEndTime ← getCurrentTimeMillis() 
2: for bit in bits do 
3:   bitEndTime ← bitEndTime + bitTimeMillis 
4:   if bit == 1 then 
5:     while getCurrentTimeMillis() < bitEndTime do 
6:       memcopy(array1, array2) 
7:       memcopy(array2, array1) 
8:     end while 
9:   else 
10:    sleep(bitTimeMillis) 
11:  end if 
12: end for 


1) Multi cores: The signal generation algorithm shown 
above runs on a single CPU core. In order to amplify the 
signal, we execute the signal generation code in several concurrent 
threads, where each thread is bound to a specific core. The 
memory operations of the threads are synchronized by a 
governor thread using POSIX thread functions such as 
pthread_barrier_wait. Signal generation with concur- 
rent threads is depicted in Figure 4. 

Fig. 5. AIR-FI packet as transmitted from a workstation with a DDR4 (2400 
MHz) memory module. The transmission overlaps channels 3, 4, and 5. 


E. Packets 


The data is transmitted in packets that consist of a preamble, 
payload, and error-detecting code. 

• Preamble. The packet begins with a 0xAA hex value. This 
sequence of 10101010 in binary allows the receiver 
to synchronize with the beginning of each packet and 
determine the carrier amplitude and one/zero thresholds. 

• Payload. The payload is the raw binary data transmitted 
within the packet. It consists of 32 bits. 

• Error detection. For error detection, we use the CRC-8 (a 
cyclic redundancy check) error detection algorithm. The 
CRC is calculated on the payload data and added at the 
end of each packet. On the receiver side, if the received 
CRC and the calculated CRC differ, the packet is discarded. 

Figure 5 shows an AIR-FI packet transmitted from a 
workstation with a DDR4 (2400 MHz) memory module. In 
this case, the transmission around 2.42 GHz overlaps Wi-Fi 
channels 3, 4, and 5. 


VI. RECEPTION 


As shown in Section V, the electromagnetic emissions gen- 
erated by the data bus are around the 2.4 GHz frequency range 
and overlap the Wi-Fi channels. In Wi-Fi transceiver chips, the 
baseband processor handles the radio, PHY and MAC layers. 
The Internet, transport, and application layers are processed by 
the software protocol stack, usually in the kernel drivers. In 
order to measure the interference generated, the attacker has to 
access the low-level radio measurement information from the 
PHY layer. This can be done by compromising the firmware of 
the Wi-Fi chips and passing the required radio measurements 
to the software stack. The architecture of the AIR-FI malware is 
illustrated in Figure 6. The firmware-level code retrieves the 
radio frequency (RF) information, which normally flows 
through the Rx chain to the baseband processing. The 
data is passed to the AIR-FI malware at the application layer through 
the operating system (e.g., via a kernel module). 

Fig. 7. The FFT measurements of Wi-Fi channel 3 as measured by the Atheros 
Wi-Fi receiver, with a transmission from the air-gapped computer. The signal 
can be seen in the 2424 MHz bin. 


A. Wi-Fi Chip PHY Layer 


To access the radio and PHY layer data, we used the spectral 
analysis feature within Atheros 802.11n Wi-Fi chipsets. The 
Atheros chips (AR92xx and AR93xx) can report the raw FFT 
measurement data from the baseband processor to 
the software stack. The data consists of a vector of FFT bins for 
the 56 subcarriers of the 20 MHz bandwidth channels. The data 
includes the absolute magnitude (abs(i) + abs(q)) for each 
bin, an index for the strongest FFT bin, and the maximum 
signal magnitude. 


Figures 7 and 8 show Wi-Fi channel 3 with and without 
AIR-FI transmission, respectively. The 56 FFT bins are 
measured by the Atheros Wi-Fi chipset and delivered to the 
application layer. As can be seen, with the AIR-FI transmis- 
sion, the amount of energy in the 2.424 GHz frequency bin 
is significantly higher than in the other bins in this channel, with an 
SNR value of 9 dB. 

Fig. 8. The FFT measurements of Wi-Fi channel 3 as measured by the Atheros 
Wi-Fi receiver, without a transmission from the air-gapped computer. 


B. Reception Modes 


The Atheros chips support two main modes of reception: 
(1) scanning mode, and (2) triggering mode. 

1) Scanning mode: In this mode the FFT information is 
returned for every Wi-Fi channel when a channel scan is 
performed. This can stop the Wi-Fi reception for the several 
hundred milliseconds it takes to scan the whole spectrum. This 
mode is maintained by setting the chanscan value in the 
spectral_scan_ctl control device. This mode can be 
used by the attacker to search for a covert transmission if 
the channel is unknown in advance. 

2) Triggering mode: In this mode, the FFT information 
is returned for a specific Wi-Fi channel while the Wi-Fi is 
operating. This mode is maintained by setting the value of the 
spectral_scan_ctl control device to manual and then 
issuing trigger commands. The scan samples are returned 
continuously from the channel currently configured. 

As seen in Figure 9, the triggering mode is considerably 
faster than the scanning mode. The graph shows the number 
of FFT frames received in the scanning and triggering modes 
over a period of five seconds. The scanning mode can be 
used by malware to search for AIR-FI transmissions if the 
operational frequency is unknown in advance. After detecting 
a transmission, the malware can switch to the 
triggering mode to receive the actual data (Figure 10). 


C. Demodulation 


The pseudo code of the demodulator is presented in Algo- 
rithm 2. We provide the implementation for a software defined 
radio (SDR) receiver. 

a) Atheros Wi-Fi Chip: Note that the implementation 
for the Atheros Wi-Fi receiver is based on the same con- 
cepts as the SDR code shown in Algorithm 2. However, the 
Atheros implementation includes the extra steps of triggering 
the spectral_scan_ctl device, and receiving, buffering, 
decoding and parsing the FFT frames exposed by the Atheros 
chip. To simplify the discussion, and since we do not 
consider this the main contribution of our work, we 
omitted the chip-specific details from our discussion. 

Fig. 10. The transition between the scanning and triggering mode. 

The OOK demodulator is based on sampling and processing 
the FFT information for the specific Wi-Fi channel. In lines 
2-3, the SDR device is initialized and the receiving buffer 
is configured with the frequency (in MHz) of the channel to 
monitor, the sampling rate, and the buffer size. The demodu- 
lator continuously samples the data in the required frequency 
and splits it into windows of windowSize size. For each 
window, the algorithm estimates the power spectral density 
using Welch's method (lines 9-14). It then detects the enable 
sequence (10101010) using the detectEnable routine 
(Algorithm 3), and determines the thresholds (amplitudes) for 
'1' and '0' bits (lines 15-18). Finally, the bits are demodulated 
and added to the output vector (lines 18-21). 
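The following is an added example, not the authors' code: a batch form of the receiver logic of Algorithms 2 and 3 together with the packet format of Section V.E (0xAA preamble, 32-bit payload, CRC-8). Each input sample stands in for the power of the monitored FFT bin in one window (spectrum[0] in Algorithm 2) and all sample vectors are constructed; CORR_THRESH, the CRC-8 polynomial, the power levels and the one-bit-period alignment search (a generalization of Algorithm 3 for a buffer holding several packets) are assumptions.

```python
import random

PREAMBLE = 0xAA                           # 10101010: sync and one/zero threshold estimation
PAYLOAD_BYTES = 4                         # 32-bit payload
CORR_THRESH = 0.8                         # named on the page, value assumed here
FRAME_BITS = 8 * (1 + PAYLOAD_BYTES + 1)  # preamble + payload + CRC-8

def crc8(data, poly=0x07):
    """Bitwise CRC-8 (polynomial 0x07, init 0 are assumptions; the page says only CRC-8)."""
    crc = 0
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = ((crc << 1) ^ poly) & 0xFF if crc & 0x80 else (crc << 1) & 0xFF
    return crc

def bytes_to_bits(data):
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]

def bits_to_bytes(bits):
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))

def build_packet(payload):
    """Packet bits: 0xAA preamble, 32-bit payload, CRC-8 computed over the payload."""
    assert len(payload) == PAYLOAD_BYTES
    return bytes_to_bits(bytes([PREAMBLE]) + payload + bytes([crc8(payload)]))

def ook_power_samples(bits, spb, high=10.0, low=1.0, noise=0.5, seed=7):
    """Constructed receiver samples: a '1' bit (memory copies running) raises the power in
    the monitored bin for spb samples, a '0' bit (sleep) leaves only the noise floor."""
    rng = random.Random(seed)
    return [(high if bit else low) + rng.uniform(-noise, noise)
            for bit in bits for _ in range(spb)]

def correlation_to_bits(samples, bits, spb):
    """Pearson correlation of a sample run against an ideal OOK rendering of `bits`
    (the role of calculateSampleCorrelationToBits in Algorithm 3)."""
    n = len(bits) * spb
    if len(samples) < n:
        return 0.0
    x = samples[:n]
    y = [float(bits[i // spb]) for i in range(n)]
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0

def detect_enable(samples, spb):
    """Algorithm 3 over a whole buffer: return (one/zero threshold, start index) of the
    preamble, or None when no offset reaches CORR_THRESH. The first passing offset is
    refined over one bit period only, so a later packet's preamble cannot win instead."""
    enable = bytes_to_bits(bytes([PREAMBLE]))
    n = len(enable) * spb
    for first in range(0, len(samples) - n + 1):
        if correlation_to_bits(samples[first:], enable, spb) < CORR_THRESH:
            continue
        start = max(range(first, min(first + spb, len(samples) - n) + 1),
                    key=lambda i: correlation_to_bits(samples[i:], enable, spb))
        pre = samples[start:start + n]
        ones = [v for i, v in enumerate(pre) if enable[i // spb]]
        zeros = [v for i, v in enumerate(pre) if not enable[i // spb]]
        return (sum(ones) / len(ones) + sum(zeros) / len(zeros)) / 2, start
    return None

def demodulate(samples, spb):
    """Algorithm 2 over a finite buffer: sync on the preamble, slice the stream into bits
    and return the payloads of consecutive packets whose CRC-8 verifies."""
    found = detect_enable(samples, spb)
    if found is None:
        return []
    thresh, pos = found
    bits = []
    while pos + spb <= len(samples):
        bits.append(int(sum(samples[pos:pos + spb]) / spb > thresh))  # samplesToBit
        pos += spb
    payloads = []
    for off in range(0, len(bits) - FRAME_BITS + 1, FRAME_BITS):
        frame = bits_to_bytes(bits[off:off + FRAME_BITS])
        if frame[0] == PREAMBLE and crc8(frame[1:5]) == frame[5]:
            payloads.append(frame[1:5])  # a CRC mismatch means the packet is discarded
    return payloads

def demo():
    """Constructed stream: 23 noise-floor samples (so the first packet is not bit-aligned),
    a good packet, a packet with one flipped payload bit, and a second good packet.
    The corrupted packet must be dropped by the CRC check."""
    spb = 10
    good1, bad, good2 = b"\x00\xff\x0f\x3c", b"\x11\x22\x33\x44", b"\xde\xad\xbe\xef"
    bad_bits = build_packet(bad)
    bad_bits[8 + 5] ^= 1
    bits = build_packet(good1) + bad_bits + build_packet(good2)
    stream = ook_power_samples([0] * 3, spb)[:23] + ook_power_samples(bits, spb, seed=3)
    return demodulate(stream, spb)

if __name__ == "__main__":
    print([p.hex() for p in demo()])  # ['00ff0f3c', 'deadbeef']
```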


VII. EVALUATION 
In this section, we present the analysis and evaluation of the 
AIR-FI covert channel. We describe the experimental setup, 
and test the different reception modes used to maintain the 
covert channel. We also evaluate the efficacy of the covert 
channel in virtualized environments. 


A. Experimental Setup 


1) Receivers: We used two types of receivers for reception: 

• A software-defined radio (SDR) receiver. 
• A USB Wi-Fi network adapter. 


Algorithm 2 demodulate(deviceAddress, freq, sampleRate, bufferSize, bitTime, windowSize) 
1: enabled ← False 
2: ctx ← setupContext(deviceAddress) 
3: rxbuf ← setupRxBuf(ctx, freq, sampleRate, bufferSize) 
4: 
5: while True do 
6:   rxbuf.refill() 
7:   buffer = rxbuf.read() 
8:   windows = splitToWindows(buffer, windowSize) 
9:   for window in windows do 
10:    spectrum = welch(window) 
11:    sampleValue ← spectrum[0] 
12:    sample ← [getCurrentTime(), sampleValue] 
13:    samples.append(sample) 
14:  end for 
15:  if not enabled then 
16:    thresh, enabled ← detectEnable(samples, bitTime) 
17:  end if 
18:  while enabled and enoughSamplesForBit(samples, bitTime) do 
19:    bit ← samplesToBit(samples, bitTime, thresh) 
20:    output(bit) 
21:  end while 
22: end while 


Table III contains the specs of the receiver devices. The 
ADALM-PLUTO SDR is capable of sampling the Wi-Fi 
frequency band and has RF coverage from 325 MHz to 3.8 
GHz. The TL-WN722N Wi-Fi USB wireless network adapter 
is equipped with the Atheros AR9271 chipset, which supports 
spectral scan capabilities. During the evaluation, we connected 
the receivers to a Lenovo ThinkCentre M93p workstation with 
an Intel Core i7-4785T running Ubuntu 16.04.1 (kernel 4.4.0). 


2) Transmitters: For the transmission we used the 
four types of off-the-shelf workstations listed in Table IV. 
WORKSTATION-1 and WORKSTATION-2 were in- 
stalled with two standard DDR4 2400 MHz modules. 
WORKSTATION-3 and WORKSTATION-4 were equipped 
with DDR3 modules (2133 MHz and 1600 MHz, respec- 
tively). WORKSTATION-3 and WORKSTATION-4 were used 
to evaluate the attack scenario in which the memory is 
maliciously overclocked to reach the Wi-Fi frequency band. 


The following subsections present the results obtained for 
the four workstations. During the experiments we transmitted 
sequences of frame packets. We tested three receiver modes: 
(1) the SDR, (2) the Wi-Fi adapter operating in the scanning 
mode, and (3) the Wi-Fi adapter operating in the triggering 
mode. We measured the SNR values using the SDR receiver, 
and the BER values were measured using the SDR and Wi-Fi 
receiver. 


TABLE III 
RECEIVERS USED IN THE EVALUATION 

Receiver | Device | Specs 
SDR | ADALM-PLUTO | Frequency range from 325 MHz to 3.8 GHz, based on AD9363 transceiver 
Wi-Fi | TL-WN722N V1.10 | Frequency range from 2.4 GHz to 2.4835 GHz, 4 dBi detachable omnidirectional antenna 


TABLE IV 
THE WORKSTATIONS USED FOR THE EVALUATION 

PC | Hardware | RAM | OS 
WORKSTATION-1 | ASRock ATX DDR4 X99 Extreme4, CPU Intel Core i7-6900K @ 3.2 GHz, 16 cores | Crucial 4 * 4GB DDR4 SDRAM, 2.4 GHz RAM clock | Ubuntu 18.04.1, 4.15.0-72-generic 
WORKSTATION-2 | ASRock ATX DDR4 X99 Extreme4, CPU Intel Core i7-6900K @ 3.2 GHz, 16 cores | SK Hynix 4 * 4GB DDR4 SDRAM, 2.4 GHz RAM clock | Ubuntu 18.04.1, 4.15.0-72-generic 
WORKSTATION-3 (overclocked) | X99-UD4-CF, Intel Core i5-5820K | 4 * 4GB DIMM DDR3 2133MHz Micron | Ubuntu 18.04.2, 5.0.0-36-generic 
WORKSTATION-4 (overclocked) | 197M-D3H, Intel Core i7-4790 | 4 * 4GB DIMM DDR3 1600MHz Hynix | Ubuntu 18.04.1, 4.15.0-72-generic 


Algorithm 3 detectEnable(samples, bitTime) 
samplesDuration ← getSamplesDuration(samples) 
bitsInSamples ← samplesDuration / bitTime 
if bitsInSamples < 2 * len(enableSequence) then 
  return 0, False 
end if 
calculatedCorr ← calculateSampleCorrelationToBits(samples, enableSequence, bitTime) 
if calculatedCorr < CORR_THRESH then 
  samples[:] ← samples[1:] 
  return 0, False 
end if 
maxCorr ← calculatedCorr 
maxCorrIndex ← 0 
for index in range(1, len(samples)) do 
  calculatedCorr ← calculateSampleCorrelationToBits(samples[index:], enableSequence, bitTime) 
  if calculatedCorr > maxCorr then 
    maxCorr ← calculatedCorr 
    maxCorrIndex ← index 
  end if 
end for 
samples[:] ← samples[maxCorrIndex:] 
enableSamples ← extractEnableSamples(samples) 
thresh ← calculateThresh(enableSamples) 
return thresh, True 


Fig. 11. A transmission from WORKSTATION-1. 


B. WORKSTATION-1 (2.4 GHz) 

Figure 11 presents the signal generated from 
WORKSTATION-1 with all cores participating in the 
transmission. A signal with a bandwidth of 1 kHz exists 
in the 2423.804 - 2423.805 MHz range. In this case, the 
preamble sequence (10101010) can be seen at the beginning of 
the transmission. The signal generated by WORKSTATION-1 
interferes with channels 3, 4, and 5. 

1) SDR: Table V presents the signal-to-noise ratio 
(SNR) and bit error rate (BER) results, respectively, with 
WORKSTATION-1 as the transmitter and an SDR receiver 
as the receiver. In this case, we transmitted the data at a bit 
rate of 100 bit/sec and maintained a BER of 8.75% for a 
distance up to 180 cm from the transmitter. Note that due to 
the local ramifications and interference, the signal quality may 
vary with the distance and location of the receiver. 


2) Scanning & triggering modes: Table VI presents the BER results with WORKSTATION-1 as the transmitter and the Wi-Fi dongle as the receiver when operating in the scanning and triggering modes. In scanning mode we were able to maintain a BER of 0% for the entire distance range of 0 - 180 cm, with a bit rate of 1 bit/sec. In the triggering mode we maintained a BER of 0 - 8.33% for the range of 0 - 210 cm, with a bit rate of 10 bit/sec.

TABLE V
THE SNR AND BER MEASURED WITH WORKSTATION-1 (SDR RECEIVER)
Distance (cm) | 0 | 30 | 60 | 90 | 120 | 150 | 180 | 210
SNR | 14.4 dB | 10 dB | 13 dB | 5 dB | 18 dB | 13 dB | 20 dB | 3 dB
BER | 0% | 0% | 0% | 0% | 0% | 0% | 8.75% | 22.5%

Fig. 12. A transmission from WORKSTATION-2.


C. WORKSTATION-2 (2.4 GHz) 


Figure presents the signal generated from 
WORKSTATION-2 with all cores participating in the 


transmission. A signal with a bandwidth of 1 kHz exists in 
the 2423.8045 - 2423.8055 MHz frequency range. In this 
case, the preamble sequence (10101010) can be seen at 
the beginning of the transmission. The signal generated by 
WORKSTATION-2 overlaps with channels 3, 4, and 5. 

1) SDR: Table VII presents the SNR and BER results, 
respectively, with WORKSTATION-2 as the transmitter and 
an SDR receiver as the receiver. In this case, we transmitted 
the data at a bit rate of 100 bit/sec and were able to maintain a 
BER of 3.75% for a distance up to 210 cm from the transmit- 
ter. Note that due to the local ramifications and interference, 
the signal quality might vary with the distance and location of 
the receiver. 

2) Scanning & triggering modes: Table VIII presents the 
BER results with WORKSTATION-2 as the transmitter and 
a Wi-Fi dongle as the receiver in the scanning and triggering 
modes. In the scanning mode, we were able to maintain a BER 
of 0% for the entire range of 0 - 270 cm, with a bit rate of 
1 bit/sec. In the triggering mode, we were able to maintain a 
BER of 0 - 4.16% for the range of 0 - 210 cm, with a bit rate 
of 10 bit/sec. 


D. WORKSTATION-3 (2133 MHz overclocked) 


The signal generated by WORKSTATION-3 resides in the 
2402 MHz band which interferes with Wi-Fi channel 1. 

Table IX presents the BER results with 
WORKSTATION-3 as the transmitter and the SDR receiver 
and Wi-Fi dongle as the receivers. In this case, a single core 
maintains the transmission. The workstation DRAM was 
overclocked to 2.4 GHz to target the Wi-Fi frequency bands. 
With the SDR receiver we were able to maintain a BER of 
0% for the entire range of 0 - 100 cm, with a bit rate of 100 
bit/sec. With the Wi-Fi receiver in the scanning mode, we 
were able to maintain a BER of 0 - 0.15% for the range of 0 
- 100 cm, with a bit rate of 1 bit/sec. 

Table X presents the BER results with WORKSTATION-3 
as the transmitter and Wi-Fi dongle (triggering mode) as the 
receiver. In this case, we were able to maintain a BER of 0 
- 14.7% for the range of 0 - 300 cm, with a bit rate of 16 
bit/sec. 


E. WORKSTATION-4 (1600 MHz overclocked) 


The signal generated by WORKSTATION-4 resides in the 
2402 MHz band which interferes with Wi-Fi channel 1. 

Table XI presents the BER results with WORKSTATION- 
4 as the transmitter and the SDR receiver and Wi-Fi dongle 
as the receivers. In this case, a single core maintains the 
transmission. With the SDR we were able to maintain a BER 
of 0% for the entire range of 0 - 800 cm, with a bit rate of 
100 bit/sec. With the Wi-Fi dongle, we were able to maintain 
a BER of 0 - 0.17% for the range of 0 - 800 cm, with a bit 
rate of 1 bit/sec. 


F. Channels 


We measured the SNR values of AIR-FI transmission in 
2.4 GHz Wi-Fi channels 1-11. Figure 13 shows the FFT 
measurements of channels 1-11 as measured by the Atheros 
Wi-Fi receiver, with a transmission from WORKSTATION-1. 
The AIR-FI signals can be seen in different frequencies of the 
channel. Table XII summarizes the SNR values measured in 
each case. The SNR values ranged from 4.5 dB in channel 5 
to 13 dB in channel 6. 


TABLE VI
THE BER MEASURED WITH WORKSTATION-1 (WI-FI RECEIVER)
Distance (cm) | 0 | 30 | 60 | 90 | 120 | 150 | 180 | 210
BER (scanning) | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 16.67%
BER (triggering) | 0% | 0% | 0% | 8.33% | 0% | 4.16% | 0% | 0%

TABLE VII
THE SNR AND BER MEASURED WITH WORKSTATION-2 (SDR RECEIVER)
Distance (cm) | 0 | 30 | 60 | 90 | 120 | 150 | 180 | 210
SNR | 13 dB | 14 dB | 6 dB | 5 dB | 11 dB | 8 dB | 10 dB | 4 dB
BER | 0% | 0% | 0% | 1.25% | 1.25% | 0% | 0% | 3.75%

TABLE VIII
THE BER MEASURED WITH WORKSTATION-2 (WI-FI RECEIVER)
Distance (cm) | 0 | 30 | 60 | 90 | 120 | 150 | 180 | 210 | 240 | 270
BER (scanning) | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0% | 0%
BER (triggering) | 0% | 4.16% | 4.16% | 0% | 4.16% | 0% | 0% | 0% | - | -

TABLE IX
THE BER MEASURED WITH WORKSTATION-3 (SDR AND WI-FI RECEIVERS)
Distance (cm) | 0 | 10 | 20 | 30 | 40 | 50 | 60 | 70 | 80 | 90 | 100
BER (Pluto SDR) | 0% | 0% | 0.01% | 0% | 0% | 0% | 0% | 0.02% | 0% | 0.01% | 0.17%
BER (Wi-Fi scanning) | 0.01% | 0.01% | 0.02% | 0.04% | 0.04% | 0.17% | 0.25% | 0.10% | 0.11% | 0.08% | 0.15%

Fig. 14. The Extended Page Table (EPT) memory translation.

G. Virtual Machines (VMs)

Virtualization technologies are commonly used in modern IT environments. One of their advantages is the isolation of hardware resources they enforce. Hypervisors/virtual machine monitors (VMMs) provide a layer of abstraction between the virtual machine and the physical hardware (CPU and peripherals). Since the covert channel is closely related to the memory access timing, we examined whether the virtualization affects the signal quality. Generally speaking, in Intel VT-x, the mapping between the guest physical addresses and the host physical address is done through the extended page table (EPT). With the EPT, for each memory access operation, the MMU maps the guest linear address to the host physical address (Figure 14). Note that the measurements show that this level of indirection may increase memory access latencies for some workloads [5]. We examined a transmission from WORKSTATION-1 and WORKSTATION-3 using three setups: a bare metal machine, a VMware VMM, and a VirtualBox VMM. Table XIII contains details on the systems examined. Our experiments show that the covert signals can be maintained, even from within virtual machines. For WORKSTATION-1 and WORKSTATION-3, we measured a difference of at most 1 dB between the bare metal, VMWare, and VirtualBox signals (Figure 15).


Fig. 13. The FFT measurements of channels 1-11 as measured by the Atheros Wi-Fi receiver, with AIR-FI transmissions from WORKSTATION-1. The relevant bin is marked in red.

TABLE X
THE BER MEASURED WITH WORKSTATION-3 (WI-FI RECEIVER TRIGGERING)
Distance (cm) | 0 | 50 | 100 | 150 | 200 | 250 | 300
BER (percent) | 6.8% | 12.7% | 14.7% | 5.6% | 4% | 11.9% | 10.2%

TABLE XI
THE BER MEASURED WITH WORKSTATION-4 AND SDR/WI-FI RECEIVERS
Distance (cm) | 0 | 100 | 200 | 300 | 400 | 500 | 600 | 700 | 800
BER (Pluto SDR) | 0% | 0% | 0% | 0.05% | 0% | 0% | 0% | 0% | 0%
BER (Wi-Fi dongle) | 0.04% | 0.09% | 0.02% | 0.06% | 0.17% | 0% | 0.1% | 0.08% | 0%

TABLE XII
SNR VALUES OF AIR-FI TRANSMISSION IN CHANNELS 1-11
Channel | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11
AIR-FI frequency (GHz) | 2.411 | 2.414 | 2.421 | 2.428 | 2.432 | 2.436 | 2.442 | 2.446 | 2.452 | 2.454 | 2.461
SNR | 5 dB | 6 dB | 11.5 dB | 10 dB | 4.5 dB | 13 dB | 8 dB | 10 dB | 8 dB | 10 dB | 10 dB

TABLE XIII
VIRTUALIZATION
# | Host | VMM/Hypervisor | Guest | SNR (dB)
Bare metal | Ubuntu 18.04.1 5.3.0-53-generic | N/A | N/A | 5.09
Virtualbox | Ubuntu 18.04.1 5.3.0-53-generic | Virtualbox: 6.0.22 1137980 | Ubuntu 18.04.1 5.3.0-28-generic | 4.36
VMware | Ubuntu 18.04.1 5.3.0-53-generic | VMware Player: 15.5.2 build-15785246 | Ubuntu 18.04.1 5.3.0-28-generic | 5.32

Fig. 15. AIR-FI signal generated on bare metal, VMware and VirtualBox.

VIII. COUNTERMEASURES

There are several defensive approaches that can be used against the proposed covert channel.

A. Separation

The U.S and NATO telecommunication security standards (e.g., NSTISSAM TEMPEST/2-95 [49]) propose zone separation to protect against TEMPEST (Telecommunications Electronics Materials Protected from Emanating Spurious Transmissions) threats and other types of radiated energy attacks. In this approach, Wi-Fi transceivers are not allowed in certain classified areas. The NATO zoning procedure defines measures in which areas within a secured perimeter are classified as zone 0 to zone 3, depending on the safety requirements of the specific asset. In our case, Wi-Fi capable devices, such as smartphones, smartwatches, laptops, and so on, should be banned from the area of air-gapped systems.


B. Runtime Detection 


The signal generation algorithm is based on memory oper- 
ations which trigger the DDR SDRAM emissions. Host based 
intrusion detection systems can monitor the activity of the 
processes in the OS. In our case, a process that abnormally 
performs memory transfer operations would be reported and 
inspected. 

A challenge to the runtime detection approach is that the 
signal generation algorithm (presented in Section V) involves 
bare memory operations such as memcpy(). Monitoring the 
memory access instructions at runtime necessitates sandboxing 
or debugging of the process, which severely degrades per- 
formance and can easily be bypassed by malware using 
rootkit techniques [17]. In our case, the malware may inject 
a shellcode with a signal generation code into a legitimate, 
trusted process to bypass the security products. To overcome 
the evasion techniques, it is possible to employ solutions such 
as MemoryMonRWX, which is a bare metal hypervisor that 
can track and trap all types of memory access: read, write, and 
execute [50]. However, all these detection techniques would 
likely suffer from high rates of false alarms, since many 
processes intensively use the memory for legitimate needs 
(e.g., image processing, matrix calculations, etc.). Another 
approach is to use Wi-Fi monitoring hardware equipment in 
order to identify anomalies in the PHY layer of the Wi- 
Fi channels in the 802.11 bands [11]. However, due to the 
legitimate activities of local access points and devices on the 
Wi-Fi channels such a detection approach will lead to many 
false positives. 

Fig. 16. Signal jamming using intensive CPU operations. 
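The correlation lock-on described by Algorithm 3 is the same computation a PHY-layer monitor of the kind discussed above would run to look for the 10101010 enable pattern in per-channel power samples. The following is an added Python port, not the paper's code: it assumes the enable sequence is the 10101010 preamble, counts durations in samples, picks its own CORR_THRESH and threshold rule (the paper states neither), and scans a constructed trace.

```python
# Added example (not the paper's code): a port of Algorithm 3, detectEnable. Assumed: the
# enable sequence is the 10101010 preamble; durations are in samples; CORR_THRESH is ours.
ENABLE_SEQUENCE = [1, 0, 1, 0, 1, 0, 1, 0]
CORR_THRESH = 0.7  # assumed value; the paper does not state it

def correlation_to_bits(samples: list[float], bits: list[int], bit_time: int) -> float:
    """calculateSampleCorrelationToBits: normalised correlation of the leading
    len(bits)*bit_time samples with the bit pattern, each bit held for bit_time samples."""
    n = len(bits) * bit_time
    if len(samples) < n:
        return 0.0
    ref = [1.0 if bits[i // bit_time] else -1.0 for i in range(n)]
    mean = sum(samples[:n]) / n
    x = [s - mean for s in samples[:n]]
    den = (sum(a * a for a in x) * n) ** 0.5  # sum(ref ** 2) == n
    return sum(a * b for a, b in zip(x, ref)) / den if den else 0.0

def detect_enable(samples: list[float], bit_time: int) -> tuple[float, bool]:
    """Algorithm 3: on a miss drop the leading sample in place and return (0, False);
    on a hit align the buffer to the best offset and return (threshold, True)."""
    if len(samples) / bit_time < 2 * len(ENABLE_SEQUENCE):
        return 0.0, False  # bitsInSamples too small to hold the sequence
    corr = correlation_to_bits(samples, ENABLE_SEQUENCE, bit_time)
    if corr < CORR_THRESH:
        del samples[0]  # samples[:] <- samples[1:]
        return 0.0, False
    max_corr, max_index = corr, 0
    for index in range(1, len(samples)):  # refine the alignment over later offsets
        c = correlation_to_bits(samples[index:], ENABLE_SEQUENCE, bit_time)
        if c > max_corr:
            max_corr, max_index = c, index
    del samples[:max_index]  # samples[:] <- samples[maxCorrIndex:]
    enable = samples[:len(ENABLE_SEQUENCE) * bit_time]  # extractEnableSamples
    return sum(enable) / len(enable), True  # calculateThresh: midpoint of the 1/0 levels

def scan_for_enable(samples: list[float], bit_time: int) -> tuple[int, float, bool]:
    """Sliding-buffer caller: call detect_enable until it locks on or the buffer is too short."""
    total = len(samples)
    while len(samples) >= 2 * len(ENABLE_SEQUENCE) * bit_time:
        thresh, found = detect_enable(samples, bit_time)
        if found:
            return total - len(samples), thresh, True  # offset of the enable sequence
    return -1, 0.0, False

def constructed_trace(bit_time: int) -> list[float]:
    """Constructed dB-like trace: 23 idle samples, the enable sequence, 8 data bits, idle, plus ripple."""
    high, low = 12.0, 4.0
    bits = ENABLE_SEQUENCE + [1, 1, 0, 1, 0, 0, 1, 0]
    levels = [low] * 23 + [high if b else low for b in bits for _ in range(bit_time)] + [low] * 30
    return [v + 0.2 * (i % 3 - 1) for i, v in enumerate(levels)]
```

On the constructed trace the scan locks on at offset 23 with a slicing threshold of 8.0, the midpoint of the two power levels; an idle-only trace is never reported as a hit.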


C. Signal Jamming (hardware) 


It is possible to block the covert channel by jamming the 
Wi-Fi frequency bands. Modern Wi-Fi jammers are signal 
blocking devices with radio frequency (RF) hardware which 
transmits radio waves in the entire range of Wi-Fi frequency 
bands (2.4 / 5 GHz). A typical Wi-Fi jammer generates high 
power, constant radio transmissions which span the channels 
and mask any legitimate Wi-Fi transmissions [12]. 


D. Signal Jamming (software) 


In this approach, a background process which performs 
random memory or CPU operations is launched. The random 
workloads interfere with the execution of the malicious process 
and hence, interrupt the generation of the electromagnetic 
wave emanated from the memory buses. Figure 16 shows 
the noise generated by WORKSTATION-1 when intensive 
prime number calculations were executed on one to eight cores 
using the matho-primes Linux command. Our measure- 
ments show that processes bound to six and eight cores can 
significantly reduce the SNR of the original signal, to SNR 
levels of 4.8 dB and 3.1 dB, respectively. 


E. Faraday Shielding 


Faraday shielding is a special type of container used to 
block or limit the electromagnetic fields from interfering with 
or emanating from the shielded system. Faraday shielding 
copes with the threat presented in this paper by preventing the 
leakage of Wi-Fi signals from the shielded case. Generally, 
the computer shielding involves encompassing the computer 
in a Faraday cage that does not permit stray electromagnetic 
emanations. Physical isolation in which the whole room func- 
tions as an integral Faraday cage is also an option [2]. While 
this solution can be used in certain cases, it is impractical as 
a large-scale solution [12]. 


IX. CONCLUSION 


In this paper, we demonstrated how attackers can exfiltrate data from air-gapped computers to a nearby Wi-Fi receiver via Wi-Fi signals. Our AIR-FI malware generates signals in the 2.4 GHz Wi-Fi frequency bands. The signals are generated through DDR SDRAM buses and do not require any special Wi-Fi hardware. Binary data can be modulated and encoded on top of the signals. We showed that a compromised nearby Wi-Fi device (e.g., smartphones, laptops, and IoT devices) can intercept these signals and decode the data. To extract the signals we utilized the low-level physical layer information that the Wi-Fi chips expose to the application layers. We implemented transmitters and receivers in different reception modes, and discussed design considerations and implementation details. We evaluated this covert channel in terms of bandwidth and distance and presented a set of countermeasures. Our results show that the covert channel can be effective at distances up to several meters from air-gapped computers. We achieved effective bit rates ranging from 1 to 100 bit/sec, depending on the type and mode of receiver used.

